History: Jul 02, 2021 - 5:57 p.m.

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.955 High
Percentile: 99.4%

Software: php 5.4.16
OS: Cobalt 7.9

CVE-ID: CVE-2011-4718
CVE-Crit: MEDIUM
CVE-DESC: Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2012-1171
CVE-Crit: MEDIUM
CVE-DESC: The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-4248
CVE-Crit: HIGH
CVE-DESC: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 incorrectly handles a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers using a crafted certificate issued by a legitimate certificate authority, an issue related to CVE-2009-2408.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-6501
CVE-Crit: MEDIUM
CVE-DESC: The default soap.wsdl_cache_dir parameter in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, making it easier for local users to conduct WSDL injection attacks by creating a file in /tmp with a predictable filename, which is used by the get_sdl function in ext/soap/php_sdl.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-6712
CVE-Crit: MEDIUM
CVE-DESC: The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict the creation of DateInterval objects, which may allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-7327
CVE-Crit: HIGH
CVE-DESC: The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x through 5.5.9 does not validate return values, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that result in using a NULL pointer as the return value, a different vulnerability than CVE-2013-7226.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-0207
CVE-Crit: HIGH
CVE-DESC: The cdf_read_short_sector function in cdf.c in file before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-0236
CVE-Crit: HIGH
CVE-DESC: file before 5.18, used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-0237
CVE-Crit: HIGH
CVE-DESC: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by running multiple file_printf calls.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-0238
CVE-Crit: HIGH
CVE-DESC: The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-2020
CVE-Crit: MEDIUM
CVE-DESC: ext/gd/gd.c in PHP 5.5.x through 5.5.9 does not validate data types, which could allow remote attackers to obtain sensitive information using a data type of (1) string or (2) array in place of a numeric data type, as shown by calling imagecrop with a string for the value of dimension x, a different vulnerability than CVE-2013-7226.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-2497
CVE-Crit: MEDIUM
CVE-DESC: The gdImageCreateFromXpm function in gdxpm.c in libgd, used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3478
CVE-Crit: MEDIUM
CVE-DESC: Buffer overflow in the mconvert function in softmagic.c in file before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3479
CVE-Crit: MEDIUM
CVE-DESC: The cdf_check_stream_offset function in cdf.c in file before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector size data, allowing remote attackers to cause a denial of service (application failure) via a crafted stream offset in a CDF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3480
CVE-Crit: MEDIUM
CVE-DESC: The cdf_count_chain function in cdf.c in file before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, incorrectly validates sector count data, allowing remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3487
CVE-Crit: MEDIUM
CVE-DESC: The cdf_read_property_info function in file before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, incorrectly checks the stream offset, allowing remote attackers to cause a denial of service (application failure) via a crafted CDF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3515
CVE-Crit: HIGH
CVE-DESC: The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly assumes that certain data structures will have the array data type after deserialization, allowing remote attackers to execute arbitrary code via a crafted string that triggers the use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3587
CVE-Crit: CRITICAL
CVE-DESC: An integer overflow in the cdf_read_property_info function in cdf.c in file before 5.19, which is used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application failure) via a crafted CDF file. NOTE: this vulnerability exists due to an incomplete patch for CVE-2012-1571.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3597
CVE-Crit: CRITICAL
CVE-DESC: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application failure) or possibly execute arbitrary code through a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue occurs due to an incomplete fix for CVE-2014-4049.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3668
CVE-Crit: HIGH
CVE-DESC: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18 and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application failure) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3669
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to a deserialization function that triggers the calculation of a large length value.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3670
CVE-Crit: HIGH
CVE-DESC: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18 and 5.6.x before 5.6.2 mishandles floating point arrays, allowing remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code through a crafted JPEG image with TIFF thumbnail data that is mishandled by the exif_thumbnail function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-3981
CVE-Crit: MEDIUM
CVE-DESC: acinclude.m4, used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/phpglibccheck file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-4049
CVE-Crit: MEDIUM
CVE-DESC: Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (failure) and possibly execute arbitrary code via a crafted DNS TXT record related to the dns_get_record function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-4670
CVE-Crit: MEDIUM
CVE-DESC: A use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component of PHP through PHP version 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact through the use of a crafted iterator within an application in certain web hosting environments.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2014-4698
CVE-Crit: HIGH
CVE-DESC: A use-after-free vulnerability in ext/spl/spl_array.c in the SPL component of PHP through PHP version 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact through the use of a crafted ArrayIterator within an application in certain web hosting environments.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-4721
CVE-Crit: HIGH
CVE-DESC: The implementation of phpinfo in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not guarantee the use of a string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER and PHP_SELF variables, which could allow context-dependent attackers to retrieve sensitive information from process memory using an integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading the SSL private key in an Apache HTTP Server web hosting environment with mod_ssl and PHP 5.3.x mod_php.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-5120
CVE-Crit: HIGH
CVE-DESC: gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that path names do not contain %00 sequences, which could allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-5459
CVE-Crit: CRITICAL
CVE-DESC: The PEAR_REST class in REST.php in PEAR in PHP through PHP 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-8142
CVE-Crit: MEDIUM
CVE-DESC: A use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of repeated keys in serialized object properties, a different vulnerability than CVE-2004-1019.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9425
CVE-Crit: CRITICAL
CVE-DESC: A double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9427
CVE-Crit: CRITICAL
CVE-DESC: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20 and 5.6.x through 5.6.4, when mmap is used to read a .php file, incorrectly considers the length of the mapping while processing an invalid file that starts with a # character and has no newline character, which causes an out-of-bounds read and can (1) allow remote attackers to obtain sensitive information from php-cgi process memory using the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9652
CVE-Crit: MEDIUM
CVE-DESC: The mconvert function in softmagic.c in file before 5.21, used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, improperly handles a specific string length field while copying a truncated version of a Pascal string, which could allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9653
CVE-Crit: MEDIUM
CVE-DESC: readelf.c in file before 5.22, used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not take into account that pread calls sometimes read only a subset of the available data, allowing remote attackers to cause a denial of service (uninitialized memory access) or possibly have an unspecified other impact via a crafted ELF file.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2014-9705
CVE-Crit: MEDIUM
CVE-DESC: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger the creation of multiple dictionaries.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9767
CVE-Crit: MEDIUM
CVE-DESC: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29 and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories using a crafted ZIP archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9912
CVE-Crit: CRITICAL
CVE-DESC: The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 incorrectly restricts calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have an unspecified other impact by calling locale_get_display_name with a long first argument.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-0231
CVE-Crit: HIGH
CVE-DESC: A use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of repeated numeric keys in serialized object properties. NOTE: this vulnerability exists due to an incomplete patch for CVE-2014-8142.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-0232
CVE-Crit: HIGH
CVE-DESC: The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-0273
CVE-Crit: MEDIUM
CVE-DESC: Multiple vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a type specifier of (1) R or (2) r in (a) DateTimeZone data processed by php_date_timezone_initialize_from_hash or (b) DateTime data processed by php_date_initialize_from_hash.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-1351
CVE-Crit: HIGH
CVE-DESC: A use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2015-2331
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code through a ZIP archive containing many entries, resulting in a heap-based buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-2348
CVE-Crit: MEDIUM
CVE-DESC: The implementation of move_uploaded_file in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23 and 5.6.x before 5.6.7 truncates the path when the character \x00 is detected, allowing remote attackers to bypass intended extension restrictions and create files with unexpected names using a specially crafted second argument. NOTE: this vulnerability exists due to an incomplete patch for CVE-2006-7243.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-2783
CVE-Crit: CRITICAL
CVE-DESC: ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8 allows remote attackers to retrieve sensitive information from process memory or cause a denial of service (buffer overflow and application crash) via a crafted length value combined with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-2787
CVE-Crit: CRITICAL
CVE-DESC: A use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within a __wakeup function, an issue related to CVE-2015-0231.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-1352
CVE-Crit: MEDIUM
CVE-DESC: The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through version 5.6.7 does not check token extraction for table names, allowing remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-3307
CVE-Crit: HIGH
CVE-DESC: The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have an unspecified other impact via a crafted tar archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-3329
CVE-Crit: MEDIUM
CVE-DESC: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in (1) tar, (2) phar, or (3) ZIP archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-3330
CVE-Crit: MEDIUM
CVE-DESC: The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8, when Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code through pipelined HTTP requests, resulting in a "deconfigured interpreter".
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-3411
CVE-Crit: MEDIUM
CVE-DESC: PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that path names do not contain %00 sequences, which could allow remote attackers to read or write to arbitrary files using crafted input to an application that calls (1) the DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack, which bypasses the intended configuration where client users can only read .xml files.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-3412
CVE-Crit: MEDIUM
CVE-DESC: PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that path names do not contain %00 sequences, which could allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack, which bypasses the intended configuration where client users can only read files with one specific extension.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4021
CVE-Crit: HIGH
CVE-DESC: The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not check that the first character of a filename is different from \0, allowing remote attackers to cause a denial of service (integer overflow and memory corruption) via a crafted tar archive entry.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4022
CVE-Crit: HIGH
CVE-DESC: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25 and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long response to a LIST command, resulting in a heap buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4024
CVE-Crit: HIGH
CVE-DESC: An algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25 and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4025
CVE-Crit: HIGH
CVE-DESC: PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates the path when the character \x00 is detected in certain situations, allowing remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists due to an incomplete patch for CVE-2006-7243.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4026
CVE-Crit: HIGH
CVE-DESC: The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates the path when the character \x00 is detected, which could allow remote attackers to bypass the intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists due to an incomplete patch for CVE-2006-7243.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4116
CVE-Crit: CRITICAL
CVE-DESC: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4147
CVE-Crit: HIGH
CVE-DESC: The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not check that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a “type confusion” issue.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4148
CVE-Crit: HIGH
CVE-DESC: The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not check that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a “type confusion” issue.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4598
CVE-Crit: MEDIUM
CVE-DESC: PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that path names do not contain %00 sequences, which could allow remote attackers to read or write to arbitrary files using crafted input to an application that calls (1) the DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack, which bypasses an intended configuration in which client users can only write to .html files.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4599
CVE-Crit: CRITICAL
CVE-DESC: The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a “type confusion” issue.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4600
CVE-Crit: CRITICAL
CVE-DESC: The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to “type confusion” issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4601
CVE-Crit: CRITICAL
CVE-DESC: PHP before 5.6.7 may allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code using an unexpected data type due to “type confusion” issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4602
CVE-Crit: CRITICAL
CVE-DESC: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type due to a “type confusion” issue.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4603
CVE-Crit: CRITICAL
CVE-DESC: The Exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a “type confusion” issue.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4604
CVE-Crit: HIGH
CVE-DESC: The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is not properly handled by the “Python script executable” rule.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4605
CVE-Crit: HIGH
CVE-DESC: The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code using a crafted string that is not properly handled by the “Python script executable” rule.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4643
CVE-Crit: CRITICAL
CVE-DESC: An integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long response to a LIST command, resulting in a heap buffer overflow. NOTE: this vulnerability exists due to an incomplete patch for CVE-2015-4022.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4644
CVE-Crit: HIGH
CVE-DESC: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL extension (also known as pgsql) in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which could allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists due to an incomplete patch for CVE-2015-1352.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-5589
CVE-Crit: CRITICAL
CVE-DESC: The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not check the file pointer before the close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in the Phar::convertToData call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-5590
CVE-Crit: HIGH
CVE-DESC: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by improper handling of email attachments by PHP’s imap extension.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2015-6832
CVE-Crit: HIGH
CVE-DESC: Use-after-free vulnerability in the SPL deserialization implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2015-6833
CVE-Crit: HIGH
CVE-DESC: A directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-6834
CVE-Crit: CRITICAL
CVE-DESC: Multiple vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors associated with (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class that are mishandled during deserialization.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-6835
CVE-Crit: CRITICAL
CVE-DESC: The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2015-6836
CVE-Crit: HIGH
CVE-DESC: The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mismanages headers, allowing remote attackers to execute arbitrary code via crafted serialized data that triggers a “type confusion” in serialize_function_call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-7803
CVE-Crit: MEDIUM
CVE-DESC: The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator refers to a non-existent file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-7804
CVE-Crit: MEDIUM
CVE-DESC: Off-by-one bug in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (dereferencing an uninitialized pointer and crashing the application) by including the / filename in a .zip PHAR archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8835
CVE-Crit: CRITICAL
CVE-DESC: The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 improperly extracts keys, allowing remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8838
CVE-Crit: MEDIUM
CVE-DESC: ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, allowing man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, an issue related to CVE-2015-3152.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8865
CVE-Crit: HIGH
CVE-DESC: The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, allowing context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code through a crafted magic file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8867
CVE-Crit: HIGH
CVE-DESC: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, making it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8873
CVE-Crit: HIGH
CVE-DESC: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8874
CVE-Crit: HIGH
CVE-DESC: A stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2015-8876
CVE-Crit: CRITICAL
CVE-DESC: Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, allowing remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2015-8877
CVE-Crit: HIGH
CVE-DESC: The gdImageScaleTwoPass function in gd_interpolation.c in the GD graphics library (also known as libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, allowing remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-8879
CVE-Crit: HIGH
CVE-DESC: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 incorrectly handles driver behavior for SQL_WVARCHAR columns, allowing remote attackers to cause a denial of service (application crash) in unexpected circumstances by using odbc_fetch_array to access a specific Microsoft SQL Server table type.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2015-8880
CVE-Crit: CRITICAL
CVE-DESC: Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2015-8935
CVE-Crit: MEDIUM
CVE-DESC: The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without regard to browser compatibility, allowing remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer using (1) %0A%20 or (2) %0D%0A%20 in the header function.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2015-8994
CVE-Crit: HIGH
CVE-DESC: The issue was found in PHP 5.x and 7.x when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. In 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with opcache.validate_permission=1. The details of the vulnerability are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent process during initialization. PHP child processes inherit the SHM descriptor, using it to cache and retrieve the bytecode of compiled scripts (“opcode” in PHP jargon). The cache keys vary from configuration to configuration, but the filename is the central key component, and compiled opcode can usually be run if the script filename is known or can be guessed. Many common shared hosting configurations change the EUID in child processes to provide privilege separation between hosted users (e.g., using mod_ruid2 for the Apache HTTP server or php-fpm user settings). In these scenarios, the default behavior of Zend OpCache defeats script file permissions by sharing a single SHM cache between all PHP child processes. PHP scripts often contain sensitive information: think of CMS configurations where reading or running another user’s script usually means gaining privileges for the CMS database.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-9253
CVE-Crit: MEDIUM
CVE-DESC: The issue was found in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8 and before 7.1.20. The php-fpm main process restarts a child process in an infinite loop when using program execution functions (e.g. passthru, exec, shell_exec or system) with a non-blocking STDIN stream, resulting in the main process using 100% of the CPU and consuming disk space with large amounts of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10158
CVE-Crit: HIGH
CVE-DESC: The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10159
CVE-Crit: HIGH
CVE-DESC: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in the PHAR archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10160
CVE-Crit: CRITICAL
CVE-DESC: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code through a crafted PHAR archive with an alias mismatch.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10161
CVE-Crit: HIGH
CVE-DESC: The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10397
CVE-Crit: HIGH
CVE-DESC: In PHP before 5.6.28 and 7.x before 7.0.13, attackers could use incorrect handling of various URI components in the URL parser to bypass hostname-dependent URL checks, as shown by the evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10712
CVE-Crit: HIGH
CVE-DESC: In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all stream_get_meta_data return values can be controlled if input can be controlled (e.g. during file upload). For example, a “$uri = stream_get_meta_data(fopen($file, "r"))['uri']” call mishandles the case where $file is data:text/plain;uri=eviluri; in other words, the metadata could be set by an attacker.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-1903
CVE-Crit: CRITICAL
CVE-DESC: The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-2554
CVE-Crit: CRITICAL
CVE-DESC: Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3078
CVE-Crit: CRITICAL
CVE-DESC: Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3141
CVE-Crit: CRITICAL
CVE-DESC: A use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3142
CVE-Crit: HIGH
CVE-DESC: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to retrieve sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2016-3185
CVE-Crit: HIGH
CVE-DESC: The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to retrieve sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4342
CVE-Crit: HIGH
CVE-DESC: ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 improperly handles uncompressed zero-length data, allowing remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4343
CVE-Crit: HIGH
CVE-DESC: The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 incorrectly handles zero-size ././@LongLink files, allowing remote attackers to cause a denial of service (dereferencing an uninitialized pointer) or possibly have unspecified other impact via a crafted TAR archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4344
CVE-Crit: CRITICAL
CVE-DESC: An integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before version 7.0.4 allows remote attackers to cause a denial of service or possibly have an unspecified other impact with a long utf8_encode function argument, resulting in a heap-based buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4345
CVE-Crit: CRITICAL
CVE-DESC: An integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a long string, resulting in a heap buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4346
CVE-Crit: CRITICAL
CVE-DESC: An integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a long string, resulting in a heap-based buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4537
CVE-Crit: CRITICAL
CVE-DESC: The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, allowing remote attackers to cause a denial of service or possibly have an unspecified other impact via a crafted call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4538
CVE-Crit: CRITICAL
CVE-DESC: The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without regard to whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a crafted call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4539
CVE-Crit: CRITICAL
CVE-DESC: The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have an unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4540
CVE-Crit: CRITICAL
CVE-DESC: The grapheme_stripos function in ext/intl/grapheme/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have an unspecified other impact via a negative offset.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4541
CVE-Crit: CRITICAL
CVE-DESC: The grapheme_strpos function in ext/intl/grapheme/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have an unspecified other impact via a negative offset.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-4542
CVE-Crit: CRITICAL
CVE-DESC: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, allowing remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2016-4543
CVE-Crit: CRITICAL
CVE-DESC: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not check IFD sizes, allowing remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5093
CVE-Crit: HIGH
CVE-DESC: The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not guarantee the presence of the '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have an unspecified other impact via a crafted locale_get_primary_language call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5094
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5095
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have an unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists due to an incomplete patch for CVE-2016-5094.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5096
CVE-Crit: HIGH
CVE-DESC: Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a large integer in the second argument.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5114
CVE-Crit: CRITICAL
CVE-DESC: sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, allowing attackers to retrieve sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with customized REQUEST_URI logging.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5385
CVE-Crit: HIGH
CVE-DESC: PHP through 7.0.8 does not attempt to resolve namespace conflicts in RFC 3875 section 4.1.18 and therefore does not protect applications from having untrusted client data in the HTTP_PROXY environment variable, which could allow remote attackers to redirect outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application executing a getenv('HTTP_PROXY') call or (2) PHP’s CGI configuration, also known as the "httpoxy" issue.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5399
CVE-Crit: HIGH
CVE-DESC: The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code through a crafted bz2 archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5768
CVE-Crit: CRITICAL
CVE-DESC: A double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23 and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) using a callback exception.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2016-5769
CVE-Crit: CRITICAL
CVE-DESC: Multiple integer overflows in mcrypt.c in PHP’s mcrypt extension before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5770
CVE-Crit: CRITICAL
CVE-DESC: Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, an issue related to CVE-2016-5096.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5771
CVE-Crit: CRITICAL
CVE-DESC: spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the deserialization and garbage collection implementation, allowing remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2016-5773
CVE-Crit: CRITICAL
CVE-DESC: php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 does not properly interact with the deserialization and garbage collection implementation, allowing remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-6174
CVE-Crit: HIGH
CVE-DESC: applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (also known as Invision Power Board, IPB or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code using the content_class parameter.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2016-6288
CVE-Crit: CRITICAL
CVE-DESC: The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via vectors that include the smart_str data type.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6289
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have an unspecified other impact via a crafted extract operation on a ZIP archive.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6290
CVE-Crit: CRITICAL
CVE-DESC: ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, allowing remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors associated with session deserialization.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6291
CVE-Crit: CRITICAL
CVE-DESC: The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6292
CVE-Crit: MEDIUM
CVE-DESC: The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24 and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6294
CVE-Crit: CRITICAL
CVE-DESC: The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU function uloc_acceptLanguageFromHTTP, allowing remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6295
CVE-Crit: CRITICAL
CVE-DESC: ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24 and 7.x before 7.0.9 improperly interacts with the deserialization and garbage collection implementation, allowing remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, an issue related to CVE-2016-5773.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6296
CVE-Crit: CRITICAL
CVE-DESC: An integer signedness error in the simplestring_addn function in simplestring.c from xmlrpc-epi before 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-6297
CVE-Crit: HIGH
CVE-DESC: An integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7124
CVE-Crit: CRITICAL
CVE-DESC: ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 improperly handles certain invalid objects, allowing remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to (1) a __destruct call or (2) a magic method call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7125
CVE-Crit: HIGH
CVE-DESC: ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, allowing remote attackers to inject arbitrary session data by leveraging control of a session name, as demonstrated by object injection.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7127
CVE-Crit: CRITICAL
CVE-DESC: The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 incorrectly checks gamma values, allowing remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7128
CVE-Crit: MEDIUM
CVE-DESC: The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 incorrectly handles the case of a thumbnail offset larger than the file size, allowing remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7129
CVE-Crit: CRITICAL
CVE-DESC: The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a call to wddx_deserialize that improperly handles the dateTime element in a wddxPacket XML document.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7130
CVE-Crit: HIGH
CVE-DESC: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a call to wddx_deserialize that improperly handles a binary element in a wddxPacket XML document.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7411
CVE-Crit: CRITICAL
CVE-DESC: ext/standard/var_unserializer.re in PHP before 5.6.26 does not properly handle object deserialization failures, allowing remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a deserialization call that references a partially constructed object.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7412
CVE-Crit: HIGH
CVE-DESC: ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not check that the BIT field has an UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7413
CVE-Crit: CRITICAL
CVE-DESC: Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end tag for a record set field element, resulting in incorrect processing in a wddx_deserialize call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7414
CVE-Crit: CRITICAL
CVE-DESC: The ZIP signature verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, allowing remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7416
CVE-Crit: HIGH
CVE-DESC: ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7417
CVE-Crit: CRITICAL
CVE-DESC: ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 continues to deserialize SplArray without checking the return value and data type, allowing remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7418
CVE-Crit: HIGH
CVE-DESC: The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an invalid boolean element in a wddxPacket XML document, resulting in improper processing in a wddx_deserialize call.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7478
CVE-Crit: HIGH
CVE-DESC: Zend/zend_exceptions.c in PHP, possibly 5.x through 5.6.28 and 7.x through 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, an issue related to CVE-2015-8876.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2016-7480
CVE-Crit: CRITICAL
CVE-DESC: The implementation of SplObjectStorage deserialization in ext/spl/spl_observer.c in PHP before 7.0.12 does not check if a key is an object, allowing remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7131
CVE-Crit: HIGH
CVE-DESC: ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks the dmin character in forward_search_range () can result in invalid pointer dereferencing as the out-of-bounds output is read from the stack buffer.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9228
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during compilation of a regular expression due to an uninitialized variable from an invalid state transition. An invalid state transition in parse_char_class() can create an execution path that leaves a critical local variable uninitialized until it is used as an index, resulting in out-of-bounds write memory corruption.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9229
CVE-Crit: HIGH
CVE-DESC: An issue was found in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() can lead to an invalid pointer dereference, usually as an immediate denial-of-service condition.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10545
CVE-Crit: MEDIUM
CVE-DESC: An issue was found in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multi-user environment) to obtain sensitive information from the memory of a second user’s PHP application processes by running gcore on the PID of the PHP-FPM worker process.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10546
CVE-Crit: HIGH
CVE-DESC: The issue was found in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10547
CVE-Crit: MEDIUM
CVE-DESC: An issue was found in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. Reflected XSS is present in PHAR 403 and 404 error pages via .phar file request data. NOTE: this vulnerability exists due to an incomplete patch for CVE-2018-5712.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10548
CVE-Crit: HIGH
CVE-DESC: The issue was found in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) due to improper handling of the ldap_get_dn return value.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-10549
CVE-Crit: HIGH
CVE-DESC: The issue was found in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value incorrectly handles a MakerNote case that is missing the final ‘\0’ character.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2018-14883
CVE-Crit: HIGH
CVE-DESC: An issue was found in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. Integer overflow causes a heap-based buffer overflow in exif_thumbnail_extract from exif.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-15132
CVE-Crit: HIGH
CVE-DESC: An issue was found in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function in Windows does not implement open_basedir validation. This can be abused to find files with paths outside of the allowed directories.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14851
CVE-Crit: MEDIUM
CVE-DESC: exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20 and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-17082
CVE-Crit: MEDIUM
CVE-DESC: The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a “Transfer-Encoding: chunked” request because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19395
CVE-Crit: HIGH
CVE-DESC: ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(“WScript.Shell”).
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19396
CVE-Crit: HIGH
CVE-DESC: ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via a deserialization call for a com, dotnet or variant class.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19520
CVE-Crit: HIGH
CVE-DESC: An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses the check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent the use of preg_replace ‘e’ calls, allowing users to execute arbitrary code by leveraging access to admin template control.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-20783
CVE-Crit: HIGH
CVE-DESC: In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR read functions may allow an attacker to read allocated or unallocated memory past the actual data when attempting to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-19935
CVE-Crit: HIGH
CVE-DESC: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5711
CVE-Crit: MEDIUM
CVE-DESC: gd_gif_in.c in the GD graphics library (also known as libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by calling the PHP function imagecreatefromgif or imagecreatefromstring. This is related to GetCode_ and gdImageCreateFromGifCtx.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5712
CVE-Crit: MEDIUM
CVE-DESC: The issue was found in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. The PHAR 404 error page contains Reflected XSS via a .phar file request URI.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-7584
CVE-Crit: CRITICAL
CVE-DESC: In PHP through 5.6.33, 7.0.x through 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently causes a large string to be copied.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-6977
CVE-Crit: HIGH
CVE-DESC: gdImageColorMatch in gd_color_match.c in the GD graphics library (also known as LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who can initiate imagecolormatch calls with crafted image data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9637
CVE-Crit: HIGH
CVE-DESC: The issue was found in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Because of the way rename() is implemented in file systems, it is possible for a renamed file to be briefly available with incorrect permissions while the renaming continues, allowing unauthorized users to access the data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9638
CVE-Crit: HIGH
CVE-DESC: An issue was found in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE due to improper handling of the relationship between maker_note->offset and value_len.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9639
CVE-Crit: HIGH
CVE-DESC: An issue was found in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16 and 7.3.x before 7.3.3. An uninitialized read occurs in exif_process_IFD_in_MAKERNOTE due to improper handling of the data_len variable.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9020
CVE-Crit: CRITICAL
CVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the xmlrpc_decode() function can lead to invalid memory accesses (heap out-of-bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9021
CVE-Crit: CRITICAL
CVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR read functions in the PHAR extension could allow an attacker to read allocated or unallocated memory past the actual data when attempting to parse a filename, which is a different vulnerability from CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9023
CVE-Crit: CRITICAL
CVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. There are a number of heap-based buffer overflow instances in mbstring regular expression functions when they are supplied with invalid multibyte data. These are found in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9024
CVE-Crit: HIGH
CVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() may allow a hostile XMLRPC server to force PHP to read memory outside of the allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-9641
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16 and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version   Filename
Cobalt  any      noarch        php      < 5.4.16  UNKNOWN
